On Friday, 19 August 2022, the Singapore Computer Emergency Response Team (SingCERT) advised Google Chrome users to immediately install the latest security updates, following reports that hackers are exploiting a "high-severity vulnerability" flaw. While Google did not provide further information, the company has already released Chrome 104.0.5112.101 for Mac and Linux, and Chrome 104.0.5112.102/101 for Windows to address multiple vulnerabilities. (Source: Channel News Asia)
watchTowr commentary: “This vulnerability represents the fifth zero-day vulnerability this year that was discovered due to active exploitation, "in-the-wild." Effectively, this vulnerability was only discovered because an attacker used it against a target, only then leading to the discovery.
While software vulnerabilities are normal, and are at this point par-for-the-course, it is a clear indication of the aggression and lengths that well-resourced adversaries are going to do to compromise their targets.
With Google Chrome zero-days being valued in some cases as high as USD $2.5m, the investment and cost/benefit ratio being employed by adversaries is worth noting—and a trend that is unlikely to change.
While this won't be the last zero-day we see exploited in this manner, and not even the last we see for this year, it is clear that the aggression and persistence employed by well-resourced groups is only continuing.
Users are advised to follow the advice from experts like the Singapore Computer Emergency Response Team (SingCERT), and ensure that their systems are kept up-to-date with the latest patches.”